WPA2 broken?

Levi Walker

So WPA2's been busted, maybe.

alexhudson.com/2017/10/15/wpa2-broken-krack-now/

On social media right now, strong rumours are spreading that the WPA2 encryption scheme has been broken in a fundamental way. What this means: the security built into WiFi is likely ineffective, and we should not assume it provides any security.

The current name I’m seeing for this is “KRACK”: Key Reinstallation AttaCK.


Joseph Fisher

wifi fags BTFO again.

Leo Flores

It's been broken for a while now between weak keys outside of wpa2-enterprise and WPS (((bugs))). Are you just now noticing this?

Ayden Davis

Everyone in enterprise runs VPNs over wifi and normies don't care about encryption. If true, I don't think it'd be a big deal.

Ian Stewart

4 more hours until embargo is over.
HYPE

Kevin Butler

time for WPA2 Fast 2 Furious

Brody Rivera

CAT5 was right again.

Lucas White

krackattacks.com

TLDR: this lets an attacker force reuse of wifi keys that are easy to break (some Linux (and Android) versions use a bunch of zeros).
It does this by simply re-sending a packet.
Thus it allows reading and forging packets.

Well shit, this with the Bluetooth attack will be a blight for the next ten years, till most of the IoT crap that has these vulns dies.
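The mechanism in the TLDR above (re-sending message 3 of the 4-way handshake makes the client reinstall its key and reset the nonce, and some clients end up with an all-zero key), as an added toy model. This is not code from the page, from wpa_supplicant or from the KRACK researchers: the cipher is a constructed SHA-256 counter-mode keystream standing in for CCMP, the three client behaviours and the frame contents are assumptions made for the demo, and the "patched" mode mirrors the fix idea of installing a given key only once.

```python
"""Toy model of how a WPA2 client handles a retransmitted message 3 of the
4-way handshake. Added example for this thread; it is not code from
wpa_supplicant, hostap or krackattacks.com. It models three behaviours:

  naive   : reinstall the TK on every message 3 and reset the packet number,
            so the same (key, nonce) pair encrypts two different frames;
  zeroing : as naive, but the supplicant wipes its copy of the TK after the
            first install (the behaviour described in the thread), so the
            reinstall puts an all-zero key into the driver;
  patched : install a given TK once and ignore later reinstall requests.

The cipher is a constructed SHA-256 counter-mode keystream, not CCMP; it only
shares the property that (key, nonce) reuse produces the same keystream.
"""
import hashlib
import os

TK_LEN = 16
ZERO_TK = bytes(TK_LEN)


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Constructed keystream: block i = SHA256(tk || pn || i). Stands in for AES-CTR."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    def __init__(self, mode: str):
        assert mode in ("naive", "zeroing", "patched")
        self.mode = mode
        self.tk_copy = None      # supplicant's copy of the derived TK
        self.driver_tk = None    # key currently installed in the driver
        self.pn = 0              # transmit packet number, used as the nonce
        self.installs = 0

    def _install(self, tk: bytes) -> None:
        """Driver key install; installing a key also resets the packet number."""
        self.driver_tk = tk
        self.pn = 0
        self.installs += 1

    def on_msg3(self, derived_tk: bytes) -> None:
        """Process message 3 (first delivery or a retransmission)."""
        if self.tk_copy is None:
            self.tk_copy = derived_tk   # first message 3: TK from the handshake nonces
        if self.mode == "patched" and self.driver_tk is not None:
            return                      # already installed: do not reinstall or reset pn
        self._install(self.tk_copy)
        if self.mode == "zeroing":
            self.tk_copy = ZERO_TK      # "memset() the key to all-zero after installed"

    def encrypt(self, plaintext: bytes):
        """Encrypt one data frame; return (nonce used, ciphertext)."""
        pn = self.pn
        self.pn += 1
        return pn, xor(plaintext, keystream(self.driver_tk, pn, len(plaintext)))


def run(mode: str) -> dict:
    """Handshake, one frame, retransmitted message 3, another frame; summarise the outcome."""
    tk = os.urandom(TK_LEN)
    m1 = b"GET /index.html "   # constructed 16-byte frame payloads
    m2 = b"POST /login HTTP"   # same length as m1 so the XOR check is meaningful
    s = Supplicant(mode)
    s.on_msg3(tk)
    pn1, c1 = s.encrypt(m1)
    s.on_msg3(tk)              # retransmitted message 3 (the KRACK trigger)
    pn2, c2 = s.encrypt(m2)
    return {
        "installs": s.installs,
        "nonce_reused": pn1 == pn2,
        # keystream reuse: with the same key and nonce, c1 XOR c2 == m1 XOR m2
        "keystream_reused": xor(c1, c2) == xor(m1, m2),
        "all_zero_key": s.driver_tk == ZERO_TK,
    }


if __name__ == "__main__":
    for mode in ("naive", "zeroing", "patched"):
        print(mode, run(mode))
```

The "naive" run shows the generic problem (same key and nonce twice, so two ciphertexts XOR to the two plaintexts XORed), the "zeroing" run shows why the Linux case is worse (the second install is a key of all zeros), and the "patched" run shows that refusing to reinstall an already-installed key keeps the packet number moving forward.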

Jose Lewis

At this point you got to ask who designed this standard.
A nonce reset should not mean to start back at zero, it should at least start at some random offset.

Eli Lopez

mfw i don't use wifi

Evan Kelly

Rumor is real. Now published. Read URL.

Key Reinstallation Attacks Breaking WPA2
krackattacks.com

We discovered serious weaknesses in WPA2. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. We discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Our attack is especially catastrophic against wpa_supplicant. Here, the client will install an all-zero encryption key instead of reinstalling the real key. Since the Linux autists are the only people that strictly follow what the standard suggested: memset() the key to all-zero after it is installed. During the attack, it will reinstall the now-cleared encryption key, effectively installing an all-zero key.

I'm using WPA2 with only AES. That's also vulnerable?

Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So everyone should update their devices to prevent the attack!

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. For ordinary home users, your priority should be updating clients such as laptops and smartphones.

In short, it does allow an attacker to decrypt, modify and inject traffic. It doesn't allow an attacker to crack your Wi-Fi password, but if you are on /g/, you probably know the implication.

Anyway, WPA2 is not everything you need for serious security anyway... WPA doesn't have Forward Secrecy. If one can record all your WPA handshakes and later obtain your PSK, all traffic can be decrypted. The defense is IPsec, but it's extremely hard to maintain the system, and I found the easiest way is installing a VPN, such as OpenVPN (with DHE), on the router. Now shit happens, and this solution has proved to be useful.
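The forward-secrecy point in the post above, written out as an added example (not code from the page or any project): the WPA2-Personal key schedule is a pure function of the passphrase plus fields that cross the air in the clear (both MAC addresses and both nonces from messages 1 and 2), so a recording plus a later-known PSK reproduces every session's temporal key. The derivation follows IEEE 802.11i (PBKDF2-HMAC-SHA1 with 4096 iterations and the SSID as salt for the PMK, then the 802.11 PRF with the "Pairwise key expansion" label for the PTK); the SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
"""WPA2-Personal key schedule, written out to show why a recorded 4-way
handshake plus a later-leaked PSK yields the session key (no forward secrecy).
Added example for this thread, not code from the page or any project. The
derivation follows IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID,
4096, 32 bytes); PTK = PRF(PMK, "Pairwise key expansion",
min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
All addresses, nonces, the SSID and the passphrase below are constructed.
"""
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA2-Personal: the passphrase is the only secret input."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_handshake(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Derive KCK, KEK and TK (48 bytes of PTK for CCMP) from the handshake fields."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


SSID = "HomeNet"                        # constructed
PASSPHRASE = "correct horse battery"    # constructed
AA = bytes.fromhex("020000000001")      # constructed AP MAC (locally administered)
SPA = bytes.fromhex("020000000002")     # constructed client MAC


def session(anonce: bytes, snonce: bytes) -> dict:
    """One client session as it happens: AP and client both compute the same TK."""
    pmk = pmk_from_passphrase(PASSPHRASE, SSID)
    keys = ptk_from_handshake(pmk, AA, SPA, anonce, snonce)
    # everything a passive recording of the handshake contains: MACs and nonces
    recorded = {"aa": AA, "spa": SPA, "anonce": anonce, "snonce": snonce}
    return {"tk": keys["tk"], "recorded": recorded}


def rederive_tk(recorded: dict, passphrase: str, ssid: str) -> bytes:
    """Re-derive a session's TK from the recording once the passphrase is known."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    return ptk_from_handshake(pmk, recorded["aa"], recorded["spa"],
                              recorded["anonce"], recorded["snonce"])["tk"]


def demo() -> dict:
    """Two sessions with fresh nonces: different TKs, both fixed by PSK + recording."""
    s1 = session(os.urandom(32), os.urandom(32))
    s2 = session(os.urandom(32), os.urandom(32))
    return {
        "sessions_differ": s1["tk"] != s2["tk"],
        "s1_rederived": rederive_tk(s1["recorded"], PASSPHRASE, SSID) == s1["tk"],
        "s2_rederived": rederive_tk(s2["recorded"], PASSPHRASE, SSID) == s2["tk"],
        "wrong_psk_fails": rederive_tk(s1["recorded"], "other passphrase", SSID) != s1["tk"],
    }


if __name__ == "__main__":
    print(demo())
```

Fresh nonces give every session a different TK, but nothing in the exchange is ephemeral on the secret side: the PSK fixes all of them. That is the contrast with the OpenVPN-with-DHE setup the post recommends, where the per-session Diffie-Hellman secrets are discarded and a later leak of the long-term credential does not reproduce past session keys.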

Michael Gray

LINUX BTFO AGAIN
how will it ever recover?

Oliver Rodriguez

LINUX BTFO AGAIN
I blame Systemd.

Daniel Cox

If the protocol itself is secure, this practice could only improve security.
Let's say, for this previous attack, hostapd on Linux is the only good implementation.
media.ccc.de/v/33c3-8195-predicting_and_abusing_wpa2_802_11_group_keys

This time apparently WPA2 protocol betrayed everyone, and good security practice backfired in a horrible way... Though, OpenBSD is unaffected because they cheated...
OpenBSD silently released a patch before the embargo

Lucas Peterson

If only systemd had reimplemented wpa_supplicant, then we wouldn't have this problem!

Jordan Morales

This.
It's time to switch to networkd, and have Lennart re-implement WPA2.

Jackson Collins

Time to switch to Gnud-Linuxd-Kerneld
Lennart must re-implement our bunghole

Christopher Martin

We discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Hudson Scott

Knew installing W10 was the right idea

Matthew Richardson

Linux is also Apple and Windows
How will you ever recover?

Daniel Thomas

It doesn't allow an attacker to crack your Wi-Fi password, but if you are on /g/, you probably know the implication.
What implication? Is there some way to get the password using this?

Christopher Morales

It gives full access to the attacker, why would he need your password?

Asher Torres

Sometimes you just want some free Internet, my dude.

Landon Cooper

krackattacks.com/
Our research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.
Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old. In the meantime, we have found easier techniques to carry out our key reinstallation attack against the 4-way handshake. With our novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake. In particular this means that attacking macOS and OpenBSD is significantly easier than discussed in the paper.

How will BSDcucks ever recover?

Angel Ward

I already got patches from the Debian security repo.
So this really shouldn't be a problem for most distros.
The main problem will be Android phones, since it's gonna take weeks, or even months, before they get patched, and some of them won't get patched at all.

Christopher Thompson

Well, it also says that OpenBSD snuck out a patch back in July. But they won't be able to do that again.
To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

Luke Ramirez

kek and rekt'd

Colton Phillips

People who use wifi deserve to get hacked.

Owen Jenkins

reminder that wi-fi is a messy clusterfuck of dropped packets and collisions
reminder that home wi-fi still has one general shared password for authentication and no per-user or one-time passwords
reminder that wi-fi has no AP authentication mechanism
And now with this,
reminder that wi-fi is a mistake

Christopher Lee

and some shill urged us to use public wifi for op sec, lol.

Levi Parker

EXCELLENT, PLAUSIBLE DENIABILITY.

TORRENT EVERYTHING, CLAIM YOU WAS HACKED BY CIA NIGGERS.

Dylan Evans

the attacker needs specific and expensive hardware
it needs to be done in the WiFi area
it needs to target each client individually
even after breaking the WiFi, the attacker would still need to pass through the HTTPS and/or VPN
soon it will be all fixed
Nothing to see here.

Isaiah Sanchez

What will replace wifi?

John Taylor

Bluetooth
:^)

Caleb Brown

reminder that wi-fi has no AP authentication mechanism
It does though, it's part of RADIUS.

Cooper Evans

Infrared

Hunter Sanders

Your computer will still associate to the rogue AP (bad) and send your identity before establishing a secure tunnel (assuming EAP-PEAPv0 without private identity, or EAP-TLS), which is not exactly good. And god help you if some retard pajeet disables cert validation.

Adrian Edwards

Already been fixed you dumb nigger.
lwn.net/Articles/736503/

Jace Thompson

A nonce reset should not mean to start back at zero, it should at least start at some random offset.
THIS IS THE OPTIMIZATION

Carson Lopez

someone please make a nerd comic of krack attack before faggy xkcd does. take the wind out xkcd sails.

Joseph Walker

Question, I use cabled shit for everything important in my work, but I've got to keep the wifi on because people around the place can't do without their iGizmos, how fucked am I?

Hudson Howard

extremely underrated post

Easton Russell

Same and also what about Arris?

Cooper Mitchell

You could always make a separate normienet airgapped from the network you use.

Leo Long

Windows and iOS were still found to be vulnerable in that paper, let alone the follow up.

Carson Young

I design embedded networking products for a living which heavily use wifi and no one's contacted us about this. With heartbleed the phones were off the hook for days. It's weird. Some of the 'security researchers' are clearly better than others at marketing their work.
I'm not even going to bother backporting it to our old wpasupplicant on our older firmware since no one seems to care.

Owen Reed

You are a complete and total faggot. Upgrade them you lazy cunt. But it is an amazing (((coincidence))) this spread so quickly.
They fixed it for linux's wpa_supplicant too.
Fuck off cianigger A.I.
Actually you could just copy the traffic in the air and decrypt it later if it's not plain text already. So it's a big deal still.
Totally and completely fucked if you don't update the router so that it can't be hijacked at the source.

Jordan Lopez

Fixed.
[ebuild U ] net-wireless/wpa_supplicant-2.6-r3::gentoo [2.6-r2::gentoo]

Andrew James

mega satan uses gentoo
the memes write themselves

Parker Evans

Just noting those digits.

Oliver Richardson

Why did OpenBSD silently release a patch before the embargo?

OpenBSD was notified of the vulnerability on 15 July 2017, before CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt replied and critiqued the tentative disclosure deadline: “In the open source world, if a person writes a diff and has to sit on it for a month, that is very discouraging”. Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

Theo did nothing wrong
This speaks a lot about his character. He wouldn't allow his users to run a month with an unpatched security flaw he knew about. Fuck the other vendors. Not his problem.

Kevin Cox

In practice, OpenBSD has no working wireless drivers, so everyone uses cat-5.
Jews btfo themselves by not releasing hardware specs.

Xavier Wilson

High-speed serial ports tbh fam.

Brandon Price

Totally and completely fucked if you don't update the router so that it can't be hijacked at the source.
Do I just wait for a vendor's patch and install it via usb stick or are there other temporary fixes? By the way, my router has this quirk where I can't do shit to it (not even access it through credentials) unless its power was cut off, and even then I can only log in for a couple of hours before it reverts to being inaccessible. Am I safer like that or is it just yet another placebo?

Zachary Clark

Why does Wi-Fi have a history of shitty security? How hard can it be to create secure wireless communication?

Charles Nguyen

Near impossible. With cable the task of intercepting and substituting packets is much harder as you need to not only have physical access to a cable for a non-negligible period of time, but also to physically alter it in a way that is hard to conceal afterwards. With wireless all you need is to place a small device in the vicinity of a target without it looking conspicuous.

Dylan Thompson

why bother with TP cable when ½ wire is cheaper, what fucking interference ever happens in your home that you actually need to have tp

Christopher Thompson

Near impossible
??????????????????????????????
are you literally retarded????????
all you have to do is use authenticated encryption.

Adrian Davis

But muh power consumption. No one is too autistic to implement 4096-bit RSA keys on a fucking internet-connected battery-powered teapot.

Gabriel Long

Maybe then they should use newer, more energy-efficient algorithms? And besides, nowadays we have cheap phones with multicore CPUs and a few gigs of RAM. I think you can afford nowadays to put powerful hardware into routers.

Robert Kelly

But muh profit margins.

Hudson Bennett

4096-bit RSA
you have no fucking clue what you are talking about. just stop it my dude

James Perez

t. 🇮🇳

Leo Morgan

How would a user make a WiFi kill switch similar to the one in the Make Weekend Projects that simply puts a physical break on an Ethernet cable? I would like a physical switch to turn off/on (shutdown/reboot) the wifi at the router end, cutting off or allowing access to any authorized wifi clients. I know some laptops have a physical slide switch to turn on/off wifi capability; this would be similar, but at the router end to cut out wifi connections only (the router has separate ethernet connections that shouldn't be affected).

Is there a way of doing this that anons know of? I'm not finding any useful guides (wrong keywords?) but am certain others would have done similar already. I can make use of a generic Linksys router as needed.

Pics related + no_war_driving_possible_while_wifi_not_in_use.jpg

Logan Morris

wrap aluminium foil around your router

Alexander Allen

The empty Doritos chip bag is on another assignment already so is unavailable for TEMPEST shielding activities.
No LARP, it looks increasingly like adding an additional circuit to the board rather than simply toggling pins.

Christopher Gonzalez

Many routers actually have a wi-fi toggle button right on the front of the router.

Anthony Morris

And chrome has "privacy options".

Samuel Wood

Why does Wi-Fi have a history of shitty security?
Don't forget about history, the "previous years".
1997, WEP.
2004, WPA.
It was still the era of the late 90s and early 2000s.

What does it mean? We were still in the midst of the First Crypto War! We didn't have a common 128-bit encryption standard at that time; even publishing source code about cryptography online could itself lead to prosecution by the FBI because of the U.S. (((cryptography export restriction))), and legally you were only allowed to use 40-bit encryption if the program was available outside the U.S.

In the 2000s, the U.S. government was defeated, crypto restrictions were lifted, and AES just became a thing. Wow, people started to use crypto! Even in 2012, just before the PRISM disclosure, most people, if not all, were still too incompetent at cryptography applications. And what level of security do you expect from 2004, if the people had just spent all their time on the war against the feds, and had no previous experience with cryptography applications... BTW, this is why Internet Explorer 6 tells you "it uses 128-bit crypto" in the help window, because of legal requirements.

Nearly all the cryptography implementations from that time were a joke, besides those written by Cypherpunks (e.g. SSH, PGP, but still less than ideal). If we started a new wireless security standard from scratch today, things would be much better. WPA is a piece of legacy standard.

Julian Torres

Thanks, that led me to details about an undocumented switch, though unfortunately wasn't what was needed in this case - though that is very helpful for other routers I'll need to mod.

Isaac Perez

The gov wasn't defeated; they decided that instead of key escrow they'd just get them directly from the businesses you'd decided to let handle your keys. You know the story of NSLs today, and that the people didn't win the encryption war as believed.

Jeremiah Turner

(((privacy options)))

Carter Morales

Yes, they were defeated, but only in the sense of the First Crypto War. They did not surrender or get conquered, ofc; they decided to go behind the lines and do inside jobs instead of direct assaults, and they were very successful; people's incompetence at crypto engineering also helped them a lot. After the 2013 exposure, as crypto is being adopted rapidly, they came back to the frontline and started the Second Crypto War, a.k.a. Crypto War 2.0.

Carter Parker

The Second Crypto War
tfw fighting a proxy war during the Great Meme War, just like good old Finns in WWII